[Pkg-shadow-commits] r176 - in trunk/debian: . patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Mon, 23 May 2005 21:53:20 +0000
Author: nekral-guest
Date: 2005-05-23 21:53:20 +0000 (Mon, 23 May 2005)
New Revision: 176
Added:
trunk/debian/patches/330_CAN-2004-1001_passwd_check
Modified:
trunk/debian/changelog
trunk/debian/patches/series
Log:
Add the patch for CAN-2004-1001.
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2005-05-23 21:00:28 UTC (rev 175)
+++ trunk/debian/changelog 2005-05-23 21:53:20 UTC (rev 176)
@@ -1,5 +1,8 @@
shadow (1:4.0.3-35) UNRELEASED; urgency=low
+ * Re-apply the debian/patches/036_CAN-2004-1001_passwd_check patch
+ which fixed the "Adjusted password check to fix authentication bypass"
+ security issue (CAN-2004-1001)
* Debian packaging fixes:
- Add --host to config_options on cross build. Patch from NIIBE Yutaka.
Closes: #283729
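Review bot: The new changelog entry names debian/patches/036_CAN-2004-1001_passwd_check, but the file added in this revision and listed in the series is 330_CAN-2004-1001_passwd_check. Suggest naming the 330_ file in the entry (for example "Re-apply ... as debian/patches/330_CAN-2004-1001_passwd_check") so that a reader of the changelog can find the patch that actually carries the fix.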
Added: trunk/debian/patches/330_CAN-2004-1001_passwd_check
===================================================================
--- trunk/debian/patches/330_CAN-2004-1001_passwd_check 2005-05-23 21:00:28 UTC (rev 175)
+++ trunk/debian/patches/330_CAN-2004-1001_passwd_check 2005-05-23 21:53:20 UTC (rev 176)
@@ -0,0 +1,19 @@
+Goal: Adjusted password check to fix authentication bypass (Martin Schulze)
+Fixes: CAN-2004-1001
+
+Status wrt upstream: already applied upstream.
+
+Index: shadow-4.0.3/libmisc/pwdcheck.c
+===================================================================
+--- shadow-4.0.3.orig/libmisc/pwdcheck.c 2000-10-15 19:07:26.000000000 +0200
++++ shadow-4.0.3/libmisc/pwdcheck.c 2005-05-23 23:34:09.467134000 +0200
+@@ -40,7 +40,8 @@
+ retcode = pam_acct_mgmt(pamh, 0);
+ if (retcode == PAM_NEW_AUTHTOK_REQD) {
+ retcode = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+- } else if (retcode)
++ }
++ if (retcode)
+ goto bailout;
+
+ if (pam_setcred(pamh, 0))
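Review bot: The patch header for the pwdcheck.c hunk says only that the check was "adjusted". It should state which return value was going unchecked. As the removed line shows, `} else if (retcode)` tested retcode only when pam_acct_mgmt() did not return PAM_NEW_AUTHTOK_REQD, so the value assigned from pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK) never reached `goto bailout` and control went on to pam_setcred(). Suggest adding one sentence to that effect under "Goal:", so that anyone re-applying or rebasing this patch can confirm that the standalone `if (retcode)` still follows the pam_chauthtok() call.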
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-05-23 21:00:28 UTC (rev 175)
+++ trunk/debian/patches/series 2005-05-23 21:53:20 UTC (rev 176)
@@ -73,6 +73,7 @@
327_newgrp_162303
328_successful_password_change
329_libmisc_failure_ngettext
+330_CAN-2004-1001_passwd_check
401_cppw_src.dpatch
403_sg_symlink_162339_163652.dpatch
404_undef_USE_PAM.dpatch